CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
17.0%
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501833);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");
script_cve_id("CVE-2023-4486");
script_xref(name:"ICSA", value:"23-341-03");
script_name(english:"Johnson Controls Metasys and Facility Explorer Uncontrolled Resource Consumption (CVE-2023-4486)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Under certain circumstances, invalid authentication credentials could
be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE,
and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility
Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause
denial-of-service.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03");
script_set_attribute(attribute:"see_also", value:"https://www.johnsoncontrols.com/cyber-solutions/security-advisories");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Johnson Controls recommends users update the products to the latest versions:
- Update Metasys NAE55 engines to version 11.0.6
- Update Metasys NAE55 engines to version 12.0.4
- Update Metasys SNE engines to version 11.0.6
- Update Metasys SNE engines to version 12.0.4
- Update Metasys SNC engines to version 11.0.6
- Update Metasys SNC engines to version 12.0.4
- Update Facility Explorer F4-SNC engine to version 11.0.6
- Update Facility Explorer F4-SNC engine to version 12.0.4
For more information, contact your local Johnson Controls office or Authorized Building Control Specialists (ABCS).
For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2023-08 v2.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-4486");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(400, 770);
script_set_attribute(attribute:"vuln_publication_date", value:"2023/12/07");
script_set_attribute(attribute:"patch_publication_date", value:"2023/12/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/12/14");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:johnsoncontrols:nae55_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/JohnsonControls");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/JohnsonControls');
var asset = tenable_ot::assets::get(vendor:'JohnsonControls');
var vuln_cpes = {
"cpe:/o:johnsoncontrols:nae55_firmware" :
{"versionEndExcluding" : "12.0.4", "family" : "MetasysNae"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
17.0%